
函数:正则过滤sql关键字

'----------------------------------------------------------------'
'    checkStr
'    过滤特殊字符,主要是去掉 SQL 关键词
'    参数:
'        str 需要被过滤的字符串
'    返回值:字符串 (经过过滤后的字符串)
'----------------------------------------------------------------'
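Function checkStr(byVal str)
    ' Encodes HTML-significant characters and breaks up a fixed list of SQL
    ' keywords by replacing one letter of each with a numeric character
    ' reference. Returns "" for Null input.
    '
    ' NOTE(review): the listing this was taken from had its HTML entities
    ' decoded, which turned every replacement into a no-op and left the
    ' double-quote line syntactically invalid. The entity strings below are a
    ' reconstruction; which letter of each keyword was originally encoded
    ' cannot be recovered from the page - confirm against the original source.
    '
    ' NOTE(review): this is a blacklist. It only covers the keywords listed
    ' here and does nothing for values concatenated into unquoted (numeric)
    ' positions of a statement. Use parameterized queries (ADODB.Command
    ' parameters) as the actual injection defence and treat this function as
    ' output encoding at most.

    ' The original assigned Trim() to an undeclared variable "s" and tested
    ' that variable for Null, so neither the trim nor the guard ever applied
    ' to str. Null is tested first because Trim(Null) is Null.
    If IsNull(str) Then
        checkStr = ""
        Exit Function
    End If

    str = Trim(str)

    ' "&" must be encoded first so the entities inserted below are not
    ' themselves re-encoded.
    str = Replace(str, "&", "&amp;")
    str = Replace(str, "'", "&#39;")
    str = Replace(str, """", "&quot;")

    ' Keyword substitution. IgnoreCase matches any casing, but only the first
    ' letter ($1) keeps its original case; the rest is written in lower case,
    ' so "WHERE" does not round-trip exactly through uncheckStr.
    ' The patterns are unanchored and also match inside longer words.
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True

    re.Pattern = "(w)(here)"
    str = re.Replace(str, "$1h&#101;re")
    re.Pattern = "(s)(elect)"
    str = re.Replace(str, "$1el&#101;ct")
    re.Pattern = "(i)(nsert)"
    str = re.Replace(str, "$1ns&#101;rt")
    re.Pattern = "(c)(reate)"
    str = re.Replace(str, "$1r&#101;ate")
    re.Pattern = "(d)(rop)"
    str = re.Replace(str, "$1ro&#112;")
    re.Pattern = "(a)(lter)"
    str = re.Replace(str, "$1lt&#101;r")
    re.Pattern = "(d)(elete)"
    str = re.Replace(str, "$1el&#101;te")
    re.Pattern = "(u)(pdate)"
    str = re.Replace(str, "$1p&#100;ate")
    ' "or" is only rewritten when preceded by whitespace.
    re.Pattern = "(\s)(or)"
    str = re.Replace(str, "$1o&#114;")

    Set re = Nothing
    checkStr = str
End Function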

 


'----------------------------------------------------------------'
'    uncheckStr
'    恢复特殊字符,checkStr 函数的逆操作
'    参数:
'        str 需要被恢复的字符串
'    返回值:字符串 (恢复原来的字符串)
'        这个一般用在编辑的时候,显示用户输入的原始内容
'----------------------------------------------------------------'
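Function uncheckStr(ByVal str)
    ' Reverses the substitutions made by checkStr: decodes the quote
    ' entities, restores the broken-up SQL keywords, and decodes "&amp;"
    ' last. Returns "" for Null input.
    '
    ' NOTE(review): the listing this was taken from had its HTML entities
    ' decoded, so every search string had become identical to its replacement
    ' and the double-quote line was syntactically invalid. The entity strings
    ' below are a reconstruction and must match whatever checkStr emits -
    ' confirm against the original source.
    '
    ' NOTE(review): the result contains raw quotes, "&" and SQL keywords
    ' again. HTML-encode it before writing it into a page or form field, and
    ' never concatenate it into a SQL statement.
    If IsNull(str) Then
        uncheckStr = ""
        Exit Function
    End If

    str = Replace(str, "&#39;", "'")
    str = Replace(str, "&quot;", """")

    ' IgnoreCase is kept from the original; only the first letter ($1)
    ' retains the stored case, the remainder is written in lower case.
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Global = True

    re.Pattern = "(w)(h&#101;re)"
    str = re.Replace(str, "$1here")
    re.Pattern = "(s)(el&#101;ct)"
    str = re.Replace(str, "$1elect")
    re.Pattern = "(i)(ns&#101;rt)"
    str = re.Replace(str, "$1nsert")
    re.Pattern = "(c)(r&#101;ate)"
    str = re.Replace(str, "$1reate")
    re.Pattern = "(d)(ro&#112;)"
    str = re.Replace(str, "$1rop")
    re.Pattern = "(a)(lt&#101;r)"
    str = re.Replace(str, "$1lter")
    re.Pattern = "(d)(el&#101;te)"
    str = re.Replace(str, "$1elete")
    re.Pattern = "(u)(p&#100;ate)"
    str = re.Replace(str, "$1pdate")
    re.Pattern = "(\s)(o&#114;)"
    str = re.Replace(str, "$1or")
    Set re = Nothing

    ' "&amp;" is decoded last so that text the user typed literally as an
    ' entity (stored as "&amp;#39;" etc.) is not decoded a second time.
    str = Replace(str, "&amp;", "&")
    uncheckStr = str
End Function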
这一对函数,正好是相反的两个操作。checkStr,将我们提交的数据进行过滤,替换掉可能导致 SQL 注入的关键词。uncheckStr,将数据取出,反向过滤,恢复为用户提交的原始状态,一般在编辑的时候需要用到。需要注意的是,关键词替换属于黑名单式过滤,只能作为辅助手段,不能替代参数化查询(例如 ADODB.Command 的参数)。

from:asp学习网/title:函数:正则过滤sql关键字/ time:2006-5-18 23:50:21
